summaryrefslogtreecommitdiffhomepage
path: root/sites/www/changelog.rst
diff options
context:
space:
mode:
Diffstat (limited to 'sites/www/changelog.rst')
-rw-r--r--sites/www/changelog.rst12
1 files changed, 12 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index d5bdadec..06d95c9f 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -16,6 +16,12 @@ Changelog
to what OpenSSH's own client does: a version check is performed and the
algorithm used is downgraded if needed. Reported by Adarsh Chauhan, with fix
suggested by Jun Omae.
+- :support:`2038` (via :issue:`2039`) Recent versions of Cryptography have
+ deprecated Blowfish algorithm support; in lieu of an easy method for users to
+ remove it from the list of algorithms Paramiko tries to import and use, we've
+ decided to remove it from our "preferred algorithms" list. This will both
+ discourage use of a weak algorithm, and avoid warnings. Credit for
+ report/patch goes to Mike Roest.
- :bug:`2008` (via :issue:`2010`) Windows-native SSH agent support as merged in
2.10 could encounter ``Errno 22`` ``OSError`` exceptions in some scenarios
(eg server not cleanly closing a relevant named pipe). This has been worked
@@ -29,12 +35,18 @@ Changelog
under Python 3.10. Thanks to Karthikeyan Singaravelan for the report,
``@Narendra-Neerukonda`` for the patch, and to Thomas Grainger and Jun Omae
for patch workshopping.
+- :feature:`1951` Add SSH config token expansion (eg ``%h``, ``%p``) when
+ parsing ``ProxyJump`` directives. Patch courtesy of Bruno Inec.
- :bug:`1964` (via :issue:`2024` as also reported in :issue:`2023`)
`~paramiko.pkey.PKey` instances' ``__eq__`` did not have the usual safety
guard in place to ensure they were being compared to another ``PKey`` object,
causing occasional spurious ``BadHostKeyException`` (among other things).
This has been fixed. Thanks to Shengdun Hua for the original report/patch and
to Christopher Papke for the final version of the fix.
+- :support:`2004` (via :issue:`2011`) Apply unittest ``skipIf`` to tests
+ currently using SHA1 in their critical path, to avoid failures on systems
+ starting to disable SHA1 outright in their crypto backends (eg RHEL 9).
+ Report & patch via Paul Howarth.
- :bug:`2035` Servers offering certificate variants of hostkey algorithms (eg
``ssh-rsa-cert-v01@openssh.com``) could not have their host keys verified by
Paramiko clients, as it only ever considered non-cert key types for that part
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-10 19:42:25 +0000